CVE-2018-9466

Published: Nov 19, 2024Modified: Nov 3, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

In the xmlSnprintfElementContent function of valid.c, there is a possible out of bounds write. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.

Affected (5)

Products: Google: Android

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 7.0
Google Android	Version 7.1.1
Google Android	Version 7.1.2
Google Android	Version 8.0
Google Android	Version 8.1

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://source.android.com/security/bulletin/2018-09-01

Source: security@android.com

Vendor Advisory

https://security.netapp.com/advisory/ntap-20241108-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.